Here's a link to today's AI slop #curl #hackerone report. Freshly disclosed: https://hackerone.com/reports/2887487
The #curl CVE we will publish on Wednesday addresses an issue that has existed in source code for almost twenty-five years.
Severity low though, so the sky might not fall this week either.
I published an Advanced Persistent Threat (APT) profile on Gamaredon, a Russian state-sponsored cyberespionage group. Gamaredon (Group) is also known as Aqua Blizzard/ACTINIUM, and BlueAlpha, but most vendors do refer to them as Gamaredon. In 2021, they were publicly attributed by the Security Service of Ukraine (SSU) to Russia's Federal Security Service (FSB) Centers 16 and 18.
#gamaredon #russia #cyberespionage #fsb #bluealpha #aquablizzard #infosec #cybersecurity #cyberthreatintelligence #CTI #threatintel
Mandiant's Thibault Van Geluwe de Berlaere demonstrates a novel technique that can be used to circumvent all three current types of browser isolation (remote, on-premises, and local) for the purpose of controlling a malicious implant via C2. https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/
itch.io is reporting on bsky that their domain has been taken down due to ...well.
Lies, damned lies, and photodiodes: https://lcamtuf.substack.com/p/lies-damned-lies-and-photodiodes
New episode is up!
https://unnamedre.com/episode/72
I was surprised to receive an email from Amazon that indicated that two items in my wishlist were shipped. I mean... I only expressed the desire to maybe purchase them in the future, right?
As it turns out, that email you read in Gmail isn't the email from Amazon. It's a summary of what Gmail thinks Amazon emailed you about. You have to scroll down to see the actual email that they sent. Amazon stopped emailing you what's being shipped to you a long time ago, anyway.
play the grindr notification noise at Christmas dinner to see which conservative relatives panickedly check their phone ringer
are you a programmer? do you like heavy metal? would you like to be *really upset* by a music video?
do i have something for you.
Tell you a secret about red team #cybersecurity work:
Almost everyone wants to pretend to be a red teamer; almost nobody has the willingness to put in the real work to become one.
Responsible Red Teaming is @thetaggartinstitute's most enrolled course by a wide margin.
It is also the least-completed.
The course content is not more technical than any other offensive security course. Indeed, most of it is far less, instead requiring you to think about the human impact of the work. This course discusses how to operate in a safe, appropriate manner. It is not about popping shells.
Once most folks discover this, they bail.
If you want to do offensive security solely because you want to "hack stuff," you're a liability. You must understand your role in hardening defenses and working with defenders to improve operational security.
The job is not a CTF. If you can't hack that, please find another line of work.
Stop. Truncating. Hashes.
https://www.phoronix.com/news/OpenWrt-Compromised-ASU-Builds
As a service to security researchers, I added this section to #curl's hackerone page:
AI
If you have used AI in the creation of the vulnerability report, you must disclose this fact in the report and you should do so clearly. We will of course doubt all "facts" and claims in reports where an AI has been involved. You should check and double-check all facts and claims any AI told you before you pass on such reports to us. You are normally much better off avoiding AI.